Why Anyone Would Want to Steal 44 Million Game Accounts
This week, Symantec reported its discovery of a veritable thieves horde: a server holding the login info of 44,000,000 stolen MMORPG accounts. After surveying a few websites, Symantec came up with a range of values for the data on the server, capping out at around $30,000.
If you’re not a regular online gamer, you may be wondering why game accounts are so valuable. At the very least, you might be wondering why someone would go to the trouble of grabbing the log in info for so many accounts that they have to craft a unique program simply to figure out which ones still work.
As a regular World of Warcraft player with account security on the brain, allow me to give you a brief explanation.
Gold Farming: It Exists
Gold farming is the inevitable byproduct of any popular online game that has an in-game economy. In most games, an in-game item must be earned through some sort of in-game effort. However, if the item can be traded or bought in the virtual world, you can guarantee that someone in the real world is willing to give you the virtual item (perhaps a true “item” like a weapon or piece of armor, or perhaps simply an amount of in-game currency) if you agree to give them real money for it.
Hence, gold selling, and its resource gathering twin, gold farming. It’s worth mentioning at this point that buying virtual items for real money is not illegal. It is, however, against the Terms of Service of most major MMORPGs, and if a player is caught doing so, it will result in the banning of their account.
(A gold black market is pretty universal across MMO’s, unless, of course, the gamemakers take an end-run around the whole problem by selling in-game items for out-of-game cash themselves. *ahem*)
How To (Illicitly) Get Gold
If you really want an in-depth, if outsidery, explanation of the logistics of Gold Farming, look no further than this New York Times Magazine article from 2007. Basically, your average gold farmer’s work day isn’t too different from your average sweatshop worker’s day. Long, underpaid, monotonous, and stigmatized. The manager of the operation sells the gold collected by a few workers grinding boars for twelve hours* (remember that scene in the South Park World of Warcraft episode?) to an online retailer, who then sells the gold to players.
Note that this involves significant manpower and a lengthy supply chain. Gold farmers also run the risk that their accounts will be detected as gold farming accounts by the game authorities, and banned.
Which is where we get to account hacking. Why grind for hours picking up coins and scraps of cloth when you can take advantage of some idiot who clicked on the wrong link? After all, 11.5 million people play World of Warcraft. That’s a lot of potential misguided clicks. Trojan the right computer, and you could have a max-leveled character in pristine armor sitting on a respectable nest egg in minutes, instead of months.
As a WoW player, I can tell you a bit about how Blizzard has reacted to reduce the impact that gold selling has on its game. World of Warcraft has been live since 2004, and its had a lot of time to evolve since then. Blizzard took a lot of the random chance out of acquiring wealth by creating repeatable quests that have a guaranteed effort/reward ratio. It has also created a number of simple methods that allow players to report phishing scams in in-game mail (yes, they exist), and in-game gold seller advertisements (usually they take the form of private tells, or, no joke, spelling out the site url in dead characters).
As the stewards of a virtual universe, the Blizzard team puts a lot of effort and thought towards stabilizing the in game economy, recognizing that if the economy is skewed, players are more likely to turn to illicit methods to obtain the goods they want for their characters.
In the interest of full disclosure, I should mention that Blizzard has recently begun to sell in game items for real money, though they have pledged that they will never sell an item that has an effect on gameplay mechanics, such as a weapon; limiting themselves to vanity items like little pets and sparkleponies.
I rarely hear much anymore about gold farmer sightings (one badly equipped character who doesn’t respond to tells killing one kind of monster in one place for hours upon hours upon hours). The community is now much more focused on account security: keeping your characters out of the hands of hackers. Since the characters that you have poured time and effort in to technically belong to Blizzard, and not you, the company is not legally required to fix the damage that can be caused to an account by someone who wants to gut it for it’s gold content. Of course, if they didn’t, it’d be a PR nightmare, so you can usually count on getting your stuff back eventually.
This sort of thing has made me much more careful about my World of Warcraft login info than, say, my bank info. If my real world identity is stolen, there are laws to protect me. Not so much for my virtual selves. Welcome to the future: We promise it’s not so bad once you get used to it. Blizzard has even developed a security token for use with your account, accomplishing the dual goals of assuaging user stress and keeping them from having to spend even more time restoring accounts.
Why Gold Selling Still Works
Why does gold selling work? Why is it still around despite the best efforts of game publishers? Because people want to buy gold. Note that Blizzard’s first response to the problem was to make it easier for players to get gold, not harder for sellers to get gold. As long as there is a market for their product, gold selling will be around, and account hacking is currently the method du jour.
And that’s why some loser has 44 million passwords on his server somewhere, worth up to $30,000.
*Well, okay, not boars, because animals don’t drop coins, but you see my point.